Is 2011 Finally the Actual Year of Mobile Malware?

"This year will be the year of mobile malware" has been such a staple of New Year's predictions that it has turned into a running joke. But thanks to the design of Android and its markets, and some innovative malware designers, we seem to be there. Android malware has moved well beyond the proof-of-concept stage.

It's already not uncommon to find hacked versions of legitimate Android apps, even in the real Google Android Market. Typically these apps have an advertising module, and the hacked version changes the module's URL to one the attacker controls. This ad site is used to deliver the payload.

But that payload may not be the end of the story. When you install a program on Android, the system asks you to approve the permissions it requests. Most users probably quickly reach the point of ignoring these boring details, but for those who are more fastidious, Symantec has identified malware which breaks the payload into further stages.

One problem with this approach is that it would normally require the user to accept the installation of any download, and this is likely to catch the user's attention at some point. But Symantec found an attack which works its way around this, as seen in this series of screen captures:

Android.Jsmshider is digitally signed with an Android Open Source Project certificate, leading the system to accept the payload as a system update.

Other mobile platforms don't seem to be as amenable to malware as Android. This includes the iPhone/iPad, at least when they are not jailbroken. But the market volume leader is Android and, as in other markets, that's where malware authors go. Mobile malware has arrived.